OT - IGMP Protocol query

Instar · #1 September 16th, 2004, 01:52 AM

I used to use Trend Micro. It was good enough.
Anyhow, its a weird thing, trying to contact a non-existant site (unless its an evil government plot! The ILLUMINATTI are coming!)
Its a multicast IP protocol... hmm
No harm in continuing blocking it. I know IE has a toolbar thing that Adaware considers spyware. Get Adaware on disk and see what happens when you run it.

Thermodyne · #2 September 16th, 2004, 08:44 AM

It�s an unassigned IGMP address. I would just block it at the firewall. It�s probably just a multicast from your system (host) looking for members.

Here�s a link to IGMP

http://www.freesoft.org/CIE/RFC/1112/18.htm

As a rule of thumb, you should build a list of what the firewall needs to pass and then lock everything else down. In practice, we lock it all down and then open as needed. Often, we apply filters to the PIX�s on a per machine basis. Allowing all internally originating traffic is no longer seen as acceptable.

PS: TM's antivirus has had some bigtime patch blowups in the past.

Instar · #3 September 16th, 2004, 09:56 AM

"PS: TM's antivirus has had some bigtime patch blowups in the past. "
I didn't notice that when I used it, then again, I had a fast connection to download the patches with, and I had a huge HD anyhow.

Thermodyne · #4 September 16th, 2004, 10:08 AM

I had it on a small net with about 15 clients, two times in a 1 year period it blew up during update installs. Once it needed to be reinstalled and once it forced me to reload the systems. (thank god for ghost) Both times it was a known issue that they pushed the update out with. After that, I only support Norton in the contracts. If they want to skimp on AV, then it's T&M if it goes down.

Baron Grazic · #5 September 17th, 2004, 01:18 AM

I'm going to block all IGMP anyway, just wondering why a brand new XP box would be using it.
We've had TM for over 18 months now, with no patch problems.
I have a huge issue with them not detecting old viruses if the file size of the Virus has been changed. We have been hit twice like this, while our other Anti-Virus software detected the Virus.
Their GM was over-heard saying at a lunch meeting, that Anti-Virus software is the Last line of defense so if it is used, then your security is already failed.
Could be true, but it doesn't give them an excuse for their software not working.

minipol · #6 September 17th, 2004, 07:34 AM

Quote:

As a rule of thumb, you should build a list of what the firewall needs to pass and then lock everything else down. In practice, we lock it all down and then open as needed.

That's the only correct way to do it IMHO. Lock it down, watch the logs and look what bounced, then open if you know what service is responsible for the hit.